Bermuda -- Custody Regulations Regulatory Overview

Bermuda has established comprehensive digital asset custody regulations primarily through the Digital Asset Business Act (DABA) and supplementary rules, overseen by the Bermuda Monetary Authority (BMA)[1].

Custodial License Requirements

Entities providing custodial services for digital assets must obtain a license under the DABA[1]. The BMA established an Assessment and Licensing Committee (ALC) for the Digital Asset Business Application Process in September 2018[3]. Unlicensed operation in digital asset activities carries penalties of up to US$250,000 in fines and/or up to five years imprisonment, with maximum non-compliance penalties under the DABA reaching $10,000,000[3].

Segregation of Client Assets

Strict segregation of client assets from the business's own assets is mandatory[3]. The Digital Asset Custody of Client Assets Rules 2025 outline detailed definitions, segregation requirements, and management obligations related to default situations and record-keeping[6]. Client assets must be held separately with trustees acting as fiduciaries for clients' holdings and maintaining accurate accounting records[3].

Insurance and Bonding Requirements

Licensed digital asset businesses must carry sufficient insurance commensurate with the nature and scale of their digital asset business[1]. The insurance requirements are specified in the Digital Asset Business (Prudential Standards) (Annual Return) Rules 2018[1].

Governance Requirements

Businesses must be directed by two individuals overseen by non-executive members[1], and comply with guidance contained in a "Statement of Principles" issued by the BMA[1].

Cold Storage and Private Key Control Standards

The Digital Asset Business Custody Code of Practice (updated in April 2023) establishes technical standards for custodial wallet services[7]. The BMA considers control of private keys—including through multiparty computation (MPC) wallets with authorization procedures—essential for determining control and ownership status of digital assets[7]. The Custody Code includes specific technical standards applicable to DABA licensees providing custodial wallet services to ensure effective management and control of private keys[7].

Additional custody governance considerations include physical security of storage facilities, cybersecurity measures to protect against cyberattacks, business continuity plans, and auditing/reporting procedures to ensure proper implementation[2].

Custody Governance Framework

The BMA issued a draft code of practice on digital asset custody covering safekeeping of assets in custody, recovery protocols for compromised or corrupted assets, transaction handling, and operational policies and procedures[1].

Pending Legislation

In 2025, the BMA published a consultation paper proposing to introduce a regulatory regime for payment service providers in Bermuda[7].

Note: While specific URLs were requested, the search results provided reference these regulatory frameworks without direct links to the actual legislation or rules documents. The regulatory references include the Digital Asset Business Act, Digital Asset Custody of Client Assets Rules 2025, the Custody Code of Practice, and related prudential standards rules administered by the BMA.